admin/38808-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updating internal mail

Browse Source
This commit is contained in:
Flatlogic Bot 2026-02-28 03:56:18 +00:00
parent 3aa10f537e
commit 607b9d8838
9 changed files with 494 additions and 268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

549
charity-settings.php
View File

@ -138,6 +138,13 @@ if (isset($_SESSION['error'])) {
$statuses = db()->query("SELECT * FROM mailbox_statuses ORDER BY id ASC")->fetchAll();
$email_logs = db()->query("SELECT * FROM email_logs ORDER BY id DESC LIMIT 50")->fetchAll();
// System Info
$php_version = phpversion();
$mysql_version = db()->query("SELECT VERSION()")->fetchColumn();
$server_addr = $_SERVER['SERVER_ADDR'] ?? '127.0.0.1';
$upload_max = ini_get('upload_max_filesize');
$post_max = ini_get('post_max_size');
?>
<div class="row">
@ -146,251 +153,356 @@ $email_logs = db()->query("SELECT * FROM email_logs ORDER BY id DESC LIMIT 50")-
</div>
<?php if ($success_msg): ?>
<div class="alert alert-success"><?= $success_msg ?></div>
<div class="alert alert-success border-0 shadow-sm"><i class="fas fa-check-circle me-2"></i> <?= $success_msg ?></div>
<?php endif; ?>
<?php if ($error_msg): ?>
<div class="alert alert-danger"><?= $error_msg ?></div>
<div class="alert alert-danger border-0 shadow-sm"><i class="fas fa-exclamation-circle me-2"></i> <?= $error_msg ?></div>
<?php endif; ?>
<div class="col-md-12">
<ul class="nav nav-tabs mb-4" id="settingsTabs" role="tablist">
<li class="nav-item" role="presentation">
<button class="nav-link active" id="general-tab" data-bs-toggle="tab" data-bs-target="#general" type="button" role="tab">بيانات النظام</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link" id="smtp-tab" data-bs-toggle="tab" data-bs-target="#smtp" type="button" role="tab">إعدادات SMTP</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link" id="statuses-tab" data-bs-toggle="tab" data-bs-target="#statuses" type="button" role="tab">حالات البريد</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link" id="logs-tab" data-bs-toggle="tab" data-bs-target="#logs" type="button" role="tab">سجلات البريد</button>
</li>
</ul>
<div class="tab-content bg-white p-4 shadow-sm rounded border" id="settingsTabsContent">
<!-- General Settings -->
<div class="tab-pane show active" id="general" role="tabpanel">
<h4 class="mb-4">بيانات النظام</h4>
<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="update_charity" value="1">
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">اسم النظام</label>
<input type="text" name="charity_name" class="form-control" value="<?= htmlspecialchars($charity['charity_name'] ?? '') ?>" required>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">البريد الإلكتروني للنظام</label>
<input type="email" name="charity_email" class="form-control" value="<?= htmlspecialchars($charity['charity_email'] ?? '') ?>">
</div>
</div>
<div class="mb-3">
<label class="form-label">رقم الهاتف</label>
<input type="text" name="charity_phone" class="form-control" value="<?= htmlspecialchars($charity['charity_phone'] ?? '') ?>">
</div>
<div class="mb-3">
<label class="form-label">العنوان</label>
<textarea name="charity_address" class="form-control" rows="3"><?= htmlspecialchars($charity['charity_address'] ?? '') ?></textarea>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">شعار النظام</label>
<input type="file" name="charity_logo" class="form-control" accept="image/*">
<?php if ($charity['charity_logo']): ?>
<div class="mt-2"><img src="<?= $charity['charity_logo'] ?>" alt="Logo" style="max-height: 80px;"></div>
<?php endif; ?>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">أيقونة الموقع (Favicon)</label>
<input type="file" name="charity_favicon" class="form-control" accept="image/x-icon,image/png">
<?php if ($charity['charity_favicon']): ?>
<div class="mt-2"><img src="<?= $charity['charity_favicon'] ?>" alt="Favicon" style="max-height: 32px;"></div>
<?php endif; ?>
</div>
</div>
<button type="submit" class="btn btn-dark">تحديث إعدادات النظام</button>
</form>
<div class="card shadow-sm border-0">
<div class="card-header bg-white p-0">
<ul class="nav nav-tabs border-bottom-0" id="settingsTabs" role="tablist">
<li class="nav-item" role="presentation">
<button class="nav-link active px-4 py-3" id="general-tab" data-bs-toggle="tab" data-bs-target="#general" type="button" role="tab">بيانات النظام</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link px-4 py-3" id="smtp-tab" data-bs-toggle="tab" data-bs-target="#smtp" type="button" role="tab">إعدادات SMTP</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link px-4 py-3" id="statuses-tab" data-bs-toggle="tab" data-bs-target="#statuses" type="button" role="tab">حالات البريد</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link px-4 py-3" id="logs-tab" data-bs-toggle="tab" data-bs-target="#logs" type="button" role="tab">سجلات البريد</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link px-4 py-3" id="sysinfo-tab" data-bs-toggle="tab" data-bs-target="#sysinfo" type="button" role="tab">معلومات الخادم</button>
</li>
</ul>
</div>
<div class="card-body p-4">
<div class="tab-content" id="settingsTabsContent">
<!-- General Settings -->
<div class="tab-pane fade show active" id="general" role="tabpanel">
<h5 class="fw-bold mb-4 text-primary">بيانات النظام والجهة</h5>
<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="update_charity" value="1">
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">اسم النظام / الجهة</label>
<input type="text" name="charity_name" class="form-control" value="<?= htmlspecialchars($charity['charity_name'] ?? '') ?>" required>
</div>
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">البريد الإلكتروني الرسمي</label>
<input type="email" name="charity_email" class="form-control" value="<?= htmlspecialchars($charity['charity_email'] ?? '') ?>">
</div>
</div>
<div class="mb-3">
<label class="form-label fw-bold">رقم الهاتف</label>
<input type="text" name="charity_phone" class="form-control" value="<?= htmlspecialchars($charity['charity_phone'] ?? '') ?>">
</div>
<div class="mb-3">
<label class="form-label fw-bold">العنوان</label>
<textarea name="charity_address" class="form-control" rows="3"><?= htmlspecialchars($charity['charity_address'] ?? '') ?></textarea>
</div>
<div class="row mt-4">
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">شعار النظام</label>
<input type="file" name="charity_logo" class="form-control" accept="image/*">
<?php if ($charity['charity_logo']): ?>
<div class="mt-3 p-3 bg-light rounded text-center border">
<img src="<?= $charity['charity_logo'] ?>" alt="Logo" style="max-height: 100px;">
<p class="small text-muted mt-2 mb-0">الشعار الحالي</p>
</div>
<?php endif; ?>
</div>
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">أيقونة الموقع (Favicon)</label>
<input type="file" name="charity_favicon" class="form-control" accept="image/x-icon,image/png">
<?php if ($charity['charity_favicon']): ?>
<div class="mt-3 p-3 bg-light rounded text-center border">
<img src="<?= $charity['charity_favicon'] ?>" alt="Favicon" style="max-height: 48px;">
<p class="small text-muted mt-2 mb-0">الأيقونة الحالية</p>
</div>
<?php endif; ?>
</div>
</div>
<div class="text-end mt-4">
<button type="submit" class="btn btn-dark px-4">حفظ جميع التغييرات</button>
</div>
</form>
</div>
<!-- SMTP Settings -->
<div class="tab-pane" id="smtp" role="tabpanel">
<div class="d-flex justify-content-between align-items-center mb-4">
<h4>إعدادات البريد (SMTP)</h4>
<?php if (!$smtp['is_enabled']): ?>
<div class="badge bg-danger p-2">
<i class="fas fa-exclamation-triangle me-1"></i> SMTP معطل بسبب كثرة الأخطاء
<form method="POST" style="display:inline;" class="ms-2">
<button type="submit" name="enable_smtp" class="btn btn-sm btn-light">إعادة تفعيل</button>
<!-- SMTP Settings -->
<div class="tab-pane fade" id="smtp" role="tabpanel">
<div class="d-flex justify-content-between align-items-center mb-4">
<h5 class="fw-bold text-primary mb-0">إعدادات البريد (SMTP)</h5>
<?php if (!$smtp['is_enabled']): ?>
<div class="alert alert-danger py-2 px-3 mb-0 d-flex align-items-center">
<small><i class="fas fa-exclamation-triangle me-2"></i> SMTP معطل حالياً</small>
<form method="POST" class="ms-3">
<button type="submit" name="enable_smtp" class="btn btn-sm btn-outline-danger">تفعيل الآن</button>
</form>
</div>
<?php else: ?>
<div class="badge bg-success p-2">
<i class="fas fa-check-circle me-1"></i> SMTP يعمل (الأخطاء: <?= $smtp['consecutive_failures'] ?>/<?= $smtp['max_failures'] ?>)
</div>
<?php endif; ?>
</div>
<form method="POST">
<input type="hidden" name="update_smtp" value="1">
<div class="row">
<div class="col-md-8 mb-3">
<label class="form-label fw-bold">SMTP Host</label>
<input type="text" name="smtp_host" class="form-control" value="<?= htmlspecialchars($smtp['smtp_host'] ?? '') ?>" placeholder="smtp.example.com">
</div>
<div class="col-md-4 mb-3">
<label class="form-label fw-bold">SMTP Port</label>
<input type="number" name="smtp_port" class="form-control" value="<?= htmlspecialchars($smtp['smtp_port'] ?? 587) ?>">
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">SMTP Security</label>
<select name="smtp_secure" class="form-select">
<option value="tls" <?= ($smtp['smtp_secure'] ?? '') === 'tls' ? 'selected' : '' ?>>TLS (الأكثر أماناً)</option>
<option value="ssl" <?= ($smtp['smtp_secure'] ?? '') === 'ssl' ? 'selected' : '' ?>>SSL</option>
<option value="none" <?= ($smtp['smtp_secure'] ?? '') === 'none' ? 'selected' : '' ?>>بدون تشفير</option>
</select>
</div>
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">اسم المرسل (Display Name)</label>
<input type="text" name="from_name" class="form-control" value="<?= htmlspecialchars($smtp['from_name'] ?? '') ?>" placeholder="نظام المراسلات">
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">SMTP Username</label>
<input type="text" name="smtp_user" class="form-control" value="<?= htmlspecialchars($smtp['smtp_user'] ?? '') ?>">
</div>
<div class="col-md-6 mb-3">
<label class="form-label fw-bold">SMTP Password</label>
<input type="password" name="smtp_pass" class="form-control" value="<?= htmlspecialchars($smtp['smtp_pass'] ?? '') ?>">
</div>
</div>
<div class="row">
<div class="col-md-4 mb-3">
<label class="form-label fw-bold">From Email</label>
<input type="email" name="from_email" class="form-control" value="<?= htmlspecialchars($smtp['from_email'] ?? '') ?>">
</div>
<div class="col-md-4 mb-3">
<label class="form-label fw-bold">Reply-To Email</label>
<input type="email" name="reply_to" class="form-control" value="<?= htmlspecialchars($smtp['reply_to'] ?? '') ?>">
</div>
<div class="col-md-4 mb-3">
<label class="form-label fw-bold">حد الأخطاء قبل التعطيل</label>
<input type="number" name="max_failures" class="form-control" value="<?= htmlspecialchars($smtp['max_failures'] ?? 5) ?>">
</div>
</div>
<button type="submit" class="btn btn-primary">حفظ إعدادات البريد</button>
</form>
<div class="mt-5 p-4 bg-light rounded border">
<h6 class="fw-bold mb-3">اختبار الإرسال</h6>
<p class="small text-muted mb-3">أدخل بريداً إلكترونياً صالحاً لإرسال رسالة تجريبية للتأكد من صحة الإعدادات.</p>
<form method="POST">
<div class="input-group" style="max-width: 450px;">
<input type="email" name="test_email_addr" class="form-control" placeholder="بريد الوجهة (example@mail.com)" required>
<button class="btn btn-secondary" type="submit"><i class="fas fa-paper-plane me-2"></i> إرسال اختبار</button>
</div>
</form>
</div>
<?php else: ?>
<div class="badge bg-success p-2">
<i class="fas fa-check-circle me-1"></i> SMTP مفعل (أخطاء: <?= $smtp['consecutive_failures'] ?>/<?= $smtp['max_failures'] ?>)
</div>
<?php endif; ?>
</div>
</div>
<form method="POST">
<input type="hidden" name="update_smtp" value="1">
<div class="row">
<div class="col-md-8 mb-3">
<label class="form-label">SMTP Host</label>
<input type="text" name="smtp_host" class="form-control" value="<?= htmlspecialchars($smtp['smtp_host'] ?? '') ?>">
<!-- Statuses Settings -->
<div class="tab-pane fade" id="statuses" role="tabpanel">
<div class="d-flex justify-content-between align-items-center mb-4">
<h5 class="fw-bold text-primary mb-0">أنواع حالات البريد</h5>
<button class="btn btn-sm btn-primary" onclick="new bootstrap.Modal(document.getElementById('addStatusModal')).show()"><i class="fas fa-plus me-2"></i> إضافة حالة جديدة</button>
</div>
<div class="col-md-4 mb-3">
<label class="form-label">SMTP Port</label>
<input type="number" name="smtp_port" class="form-control" value="<?= htmlspecialchars($smtp['smtp_port'] ?? 587) ?>">
</div>
</div>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">SMTP Security</label>
<select name="smtp_secure" class="form-select">
<option value="tls" <?= ($smtp['smtp_secure'] ?? '') === 'tls' ? 'selected' : '' ?>>TLS (Recommended)</option>
<option value="ssl" <?= ($smtp['smtp_secure'] ?? '') === 'ssl' ? 'selected' : '' ?>>SSL</option>
<option value="none" <?= ($smtp['smtp_secure'] ?? '') === 'none' ? 'selected' : '' ?>>None</option>
</select>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">Sender Name</label>
<input type="text" name="from_name" class="form-control" value="<?= htmlspecialchars($smtp['from_name'] ?? '') ?>">
</div>
</div>
<div class="mb-3">
<label class="form-label">SMTP Username</label>
<input type="text" name="smtp_user" class="form-control" value="<?= htmlspecialchars($smtp['smtp_user'] ?? '') ?>">
</div>
<div class="mb-3">
<label class="form-label">SMTP Password</label>
<input type="password" name="smtp_pass" class="form-control" value="<?= htmlspecialchars($smtp['smtp_pass'] ?? '') ?>">
</div>
<div class="row">
<div class="col-md-4 mb-3">
<label class="form-label">From Email</label>
<input type="email" name="from_email" class="form-control" value="<?= htmlspecialchars($smtp['from_email'] ?? '') ?>">
</div>
<div class="col-md-4 mb-3">
<label class="form-label">Reply-To Email</label>
<input type="email" name="reply_to" class="form-control" value="<?= htmlspecialchars($smtp['reply_to'] ?? '') ?>">
</div>
<div class="col-md-4 mb-3">
<label class="form-label">حد الأخطاء قبل التعطيل</label>
<input type="number" name="max_failures" class="form-control" value="<?= htmlspecialchars($smtp['max_failures'] ?? 5) ?>">
</div>
</div>
<button type="submit" class="btn btn-primary">حفظ إعدادات SMTP</button>
</form>
<hr class="my-4">
<h5>اختبار الإرسال</h5>
<form method="POST">
<div class="input-group" style="max-width: 400px;">
<input type="email" name="test_email_addr" class="form-control" placeholder="بريد الوجهة" required>
<button class="btn btn-outline-secondary" type="submit">إرسال تجريبي</button>
<div class="table-responsive">
<table class="table table-hover align-middle border">
<thead class="bg-light">
<tr><th>الحالة</th><th>كود اللون</th><th>افتراضية</th><th class="text-end">الإجراء</th></tr>
</thead>
<tbody>
<?php foreach ($statuses as $status): ?>
<tr>
<td>
<span class="badge px-3 py-2" style="background-color: <?= $status['color'] ?>;">
<?= htmlspecialchars($status['name']) ?>
</span>
</td>
<td><code><?= $status['color'] ?></code></td>
<td>
<?php if ($status['is_default']): ?>
<span class="badge bg-success-subtle text-success border border-success px-2 py-1">نعم</span>
<?php else: ?>
<span class="text-muted">-</span>
<?php endif; ?>
</td>
<td class="text-end">
<button type="button" class="btn btn-sm btn-outline-primary" onclick="editStatus(<?= $status['id'] ?>, '<?= htmlspecialchars($status['name'], ENT_QUOTES) ?>', '<?= $status['color'] ?>', <?= $status['is_default'] ?>)"><i class="fas fa-edit"></i></button>
<?php if (!$status['is_default']): ?>
<form method="POST" onsubmit="return confirm('هل أنت متأكد من حذف هذه الحالة؟');" style="display:inline;">
<input type="hidden" name="status_id" value="<?= $status['id'] ?>">
<input type="hidden" name="delete_status" value="1">
<button type="submit" class="btn btn-sm btn-outline-danger"><i class="fas fa-trash"></i></button>
</form>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
</form>
</div>
<!-- Statuses Settings -->
<div class="tab-pane" id="statuses" role="tabpanel">
<h4 class="mb-4">أنواع حالات البريد</h4>
<form method="POST" class="mb-4 bg-light p-3 rounded">
<input type="hidden" name="add_status" value="1">
<div class="row g-2 align-items-end">
<div class="col-md-5">
<label class="form-label">اسم الحالة</label>
<input type="text" name="status_name" class="form-control" required>
<!-- Email Logs -->
<div class="tab-pane fade" id="logs" role="tabpanel">
<h5 class="fw-bold text-primary mb-4">سجلات المراسلات البريدية (آخر 50 عملية)</h5>
<div class="table-responsive">
<table class="table table-sm table-hover border">
<thead class="bg-light">
<tr>
<th class="py-3 ps-3">الوقت والتاريخ</th>
<th class="py-3">المستلم</th>
<th class="py-3">الموضوع</th>
<th class="py-3">الحالة</th>
<th class="py-3 pe-3">تفاصيل الخطأ</th>
</tr>
</thead>
<tbody>
<?php if ($email_logs): ?>
<?php foreach ($email_logs as $log): ?>
<tr>
<td class="ps-3 small"><?= date('Y-m-d H:i:s', strtotime($log['created_at'])) ?></td>
<td><span class="fw-bold"><?= htmlspecialchars($log['recipient']) ?></span></td>
<td class="small"><?= htmlspecialchars($log['subject']) ?></td>
<td>
<span class="badge bg-<?= $log['status'] === 'success' ? 'success' : 'danger' ?>">
<?= $log['status'] === 'success' ? 'تم الإرسال' : 'فشل' ?>
</span>
</td>
<td class="pe-3 small text-danger"><?= htmlspecialchars($log['error_message'] ?? '-') ?></td>
</tr>
<?php endforeach; ?>
<?php else: ?>
<tr><td colspan="5" class="text-center py-4 text-muted">لا يوجد سجلات حالياً</td></tr>
<?php endif; ?>
</tbody>
</table>
</div>
<div class="col-md-2">
<label class="form-label">اللون</label>
<input type="color" name="status_color" class="form-control form-control-color w-100" value="#0d6efd">
</div>
<div class="col-md-3 text-center">
<div class="form-check mb-2">
<input class="form-check-input" type="checkbox" name="is_default" id="is_default">
<label class="form-check-label" for="is_default">افتراضية</label>
</div>
<!-- System Info Tab -->
<div class="tab-pane fade" id="sysinfo" role="tabpanel">
<h5 class="fw-bold text-primary mb-4">معلومات النظام والخادم</h5>
<div class="row g-4">
<div class="col-md-6">
<div class="p-3 border rounded bg-light">
<h6 class="fw-bold border-bottom pb-2 mb-3">بيئة البرمجيات</h6>
<table class="table table-sm table-borderless mb-0">
<tr><td width="150" class="text-muted">نسخة PHP:</td><td class="fw-bold"><?= $php_version ?></td></tr>
<tr><td class="text-muted">نسخة MySQL:</td><td class="fw-bold"><?= $mysql_version ?></td></tr>
<tr><td class="text-muted">نظام التشغيل:</td><td class="fw-bold"><?= PHP_OS ?></td></tr>
<tr><td class="text-muted">عنوان الخادم:</td><td class="fw-bold"><?= $server_addr ?></td></tr>
</table>
</div>
</div>
<div class="col-md-6">
<div class="p-3 border rounded bg-light">
<h6 class="fw-bold border-bottom pb-2 mb-3">إعدادات الملفات</h6>
<table class="table table-sm table-borderless mb-0">
<tr><td width="150" class="text-muted">أقصى حجم رفع:</td><td class="fw-bold"><?= $upload_max ?></td></tr>
<tr><td class="text-muted">أقصى حجم POST:</td><td class="fw-bold"><?= $post_max ?></td></tr>
<tr><td class="text-muted">ترميز قاعدة البيانات:</td><td class="fw-bold">utf8mb4_unicode_ci</td></tr>
<tr><td class="text-muted">نطاق النظام:</td><td class="fw-bold"><?= $_SERVER['HTTP_HOST'] ?></td></tr>
</table>
</div>
</div>
<div class="col-md-12">
<div class="p-3 border rounded bg-warning bg-opacity-10 border-warning">
<h6 class="fw-bold mb-2 text-warning-emphasis"><i class="fas fa-tools me-2"></i> أدوات الصيانة</h6>
<p class="small mb-3">هذه الأدوات مخصصة لمدير النظام فقط. يرجى توخي الحذر عند الاستخدام.</p>
<div class="d-flex gap-2">
<button class="btn btn-sm btn-outline-warning" onclick="alert('قريباً: نسخة احتياطية لقاعدة البيانات')"><i class="fas fa-database me-1"></i> نسخة احتياطية</button>
<button class="btn btn-sm btn-outline-secondary" onclick="location.reload()"><i class="fas fa-sync-alt me-1"></i> تحديث الحالة</button>
</div>
</div>
</div>
</div>
<div class="col-md-2">
<button type="submit" class="btn btn-primary w-100">إضافة</button>
</div>
</div>
</form>
<div class="table-responsive">
<table class="table align-middle">
<thead>
<tr><th>الاسم</th><th>اللون</th><th>افتراضية</th><th class="text-end">الإجراء</th></tr>
</thead>
<tbody>
<?php foreach ($statuses as $status): ?>
<tr>
<td><span class="badge" style="background-color: <?= $status['color'] ?>;"><?= htmlspecialchars($status['name']) ?></span></td>
<td><code><?= $status['color'] ?></code></td>
<td><?= $status['is_default'] ? '<i class="fas fa-check text-success"></i>' : '' ?></td>
<td class="text-end">
<button type="button" class="btn btn-sm btn-outline-primary" onclick="editStatus(<?= $status['id'] ?>, '<?= htmlspecialchars($status['name'], ENT_QUOTES) ?>', '<?= $status['color'] ?>', <?= $status['is_default'] ?>)"><i class="fas fa-edit"></i></button>
<form method="POST" onsubmit="return confirm('حذف؟');" style="display:inline;"><input type="hidden" name="status_id" value="<?= $status['id'] ?>"><input type="hidden" name="delete_status" value="1"><button type="submit" class="btn btn-sm btn-outline-danger"><i class="fas fa-trash"></i></button></form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<!-- Email Logs -->
<div class="tab-pane" id="logs" role="tabpanel">
<h4 class="mb-4">سجلات البريد المرسل (آخر 50 عملية)</h4>
<div class="table-responsive">
<table class="table table-sm table-hover">
<thead>
<tr>
<th>الوقت</th>
<th>المستلم</th>
<th>الموضوع</th>
<th>الحالة</th>
<th>الخطأ</th>
</tr>
</thead>
<tbody>
<?php foreach ($email_logs as $log): ?>
<tr>
<td class="small"><?= date('Y-m-d H:i', strtotime($log['created_at'])) ?></td>
<td><?= htmlspecialchars($log['recipient']) ?></td>
<td class="small"><?= htmlspecialchars($log['subject']) ?></td>
<td>
<span class="badge bg-<?= $log['status'] === 'success' ? 'success' : 'danger' ?>">
<?= $log['status'] === 'success' ? 'نجاح' : 'فشل' ?>
</span>
</td>
<td class="small text-danger"><?= htmlspecialchars($log['error_message'] ?? '') ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<!-- Add Status Modal -->
<div class="modal fade" id="addStatusModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<form method="POST">
<div class="modal-header">
<h5 class="modal-title fw-bold">إضافة حالة جديدة</h5>
<button type="button" class="btn-close ms-0 me-auto" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<input type="hidden" name="add_status" value="1">
<div class="mb-3">
<label class="form-label fw-bold">اسم الحالة</label>
<input type="text" name="status_name" class="form-control" placeholder="مثال: تحت الدراسة" required>
</div>
<div class="mb-3">
<label class="form-label fw-bold">اللون التعريفي</label>
<input type="color" name="status_color" class="form-control form-control-color w-100" value="#0d6efd">
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="is_default" id="add_is_default">
<label class="form-check-label" for="add_is_default">تعيين كحالة افتراضية للبريد الجديد</label>
</div>
</div>
<div class="modal-footer border-0">
<button type="button" class="btn btn-light" data-bs-dismiss="modal">إلغاء</button>
<button type="submit" class="btn btn-primary px-4">إضافة الحالة</button>
</div>
</form>
</div>
</div>
</div>
<!-- Edit Status Modal -->
<div class="modal fade" id="editStatusModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content">
<form method="POST">
<div class="modal-header">
<h5 class="modal-title">تعديل نوع الحالة</h5>
<h5 class="modal-title fw-bold">تعديل نوع الحالة</h5>
<button type="button" class="btn-close ms-0 me-auto" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<input type="hidden" name="update_status" value="1"><input type="hidden" name="status_id" id="edit_status_id">
<div class="mb-3"><label class="form-label">اسم الحالة</label><input type="text" name="status_name" id="edit_status_name" class="form-control" required></div>
<div class="mb-3"><label class="form-label">اللون</label><input type="color" name="status_color" id="edit_status_color" class="form-control form-control-color w-100"></div>
<div class="form-check"><input class="form-check-input" type="checkbox" name="is_default" id="edit_is_default"><label class="form-check-label" for="edit_is_default">افتراضية</label></div>
<input type="hidden" name="update_status" value="1">
<input type="hidden" name="status_id" id="edit_status_id">
<div class="mb-3">
<label class="form-label fw-bold">اسم الحالة</label>
<input type="text" name="status_name" id="edit_status_name" class="form-control" required>
</div>
<div class="mb-3">
<label class="form-label fw-bold">اللون التعريفي</label>
<input type="color" name="status_color" id="edit_status_color" class="form-control form-control-color w-100">
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="is_default" id="edit_is_default">
<label class="form-check-label" for="edit_is_default">تعيين كحالة افتراضية</label>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">إلغاء</button>
<button type="submit" class="btn btn-primary">حفظ</button>
<div class="modal-footer border-0">
<button type="button" class="btn btn-light" data-bs-dismiss="modal">إلغاء</button>
<button type="submit" class="btn btn-primary px-4">حفظ التغييرات</button>
</div>
</form>
</div>
@ -412,7 +524,10 @@ document.addEventListener('DOMContentLoaded', function() {
if (activeTab) {
var tabEl = document.querySelector('button[data-bs-target="' + activeTab + '"]');
if (tabEl) {
bootstrap.Tab.getInstance(tabEl)?.show() || new bootstrap.Tab(tabEl).show();
// Check if it's already shown to avoid flicker
if (!tabEl.classList.contains('active')) {
bootstrap.Tab.getInstance(tabEl)?.show() || new bootstrap.Tab(tabEl).show();
}
}
}
@ -421,6 +536,14 @@ document.addEventListener('DOMContentLoaded', function() {
localStorage.setItem('activeSettingsTab', e.target.getAttribute('data-bs-target'));
});
});
// Handle hash in URL for direct tab access
if (window.location.hash) {
var hashTab = document.querySelector('button[data-bs-target="' + window.location.hash + '"]');
if (hashTab) {
bootstrap.Tab.getInstance(hashTab)?.show() || new bootstrap.Tab(hashTab).show();
}
}
});
</script>

42
inbound.php
View File

@ -71,17 +71,19 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($ref_no && $subject) {
try {
db()->beginTransaction();
if ($action === 'add') {
$stmt = db()->prepare("INSERT INTO mailbox (type, ref_no, date_registered, due_date, sender, recipient, subject, description, status_id, assigned_to, created_by) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$type, $ref_no, $date_registered, $due_date, $sender, $recipient, $subject, $description, $status_id, $assigned_to, $user_id]);
$mail_id = db()->lastInsertId();
if ($assigned_to) {
sendAssignmentNotification($assigned_to, $ref_no, $subject);
}
$_SESSION['success'] = 'تمت إضافة البريد بنجاح';
redirect('inbound.php');
} elseif ($action === 'edit') {
$mail_id = $id;
// Get previous assigned_to to check if it changed
$stmt_old = db()->prepare("SELECT assigned_to FROM mailbox WHERE id = ?");
$stmt_old->execute([$id]);
@ -95,9 +97,29 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
$_SESSION['success'] = 'تم تحديث البيانات بنجاح';
redirect('inbound.php');
}
// Handle Attachments
if (!empty($_FILES['attachments']['name'][0])) {
$upload_dir = 'uploads/attachments/';
if (!is_dir($upload_dir)) mkdir($upload_dir, 0777, true);
foreach ($_FILES['attachments']['name'] as $key => $name) {
if ($_FILES['attachments']['error'][$key] === 0) {
$file_name = time() . '_' . basename($name);
$target_path = $upload_dir . $file_name;
if (move_uploaded_file($_FILES['attachments']['tmp_name'][$key], $target_path)) {
$stmt = db()->prepare("INSERT INTO attachments (mail_id, display_name, file_path, file_name, file_size) VALUES (?, ?, ?, ?, ?)");
$stmt->execute([$mail_id, $name, $target_path, $name, $_FILES['attachments']['size'][$key]]);
}
}
}
}
db()->commit();
redirect('inbound.php');
} catch (PDOException $e) {
db()->rollBack();
if ($e->getCode() == 23000) {
$error = 'رقم القيد مستخدم مسبقاً';
} else {
@ -350,7 +372,7 @@ function getStatusBadgeInList($mail) {
<h5 class="modal-title fw-bold" id="mailModalLabel">إضافة بريد وارد جديد</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<form id="mailForm" method="POST">
<form id="mailForm" method="POST" enctype="multipart/form-data">
<div class="modal-body p-4">
<input type="hidden" name="action" id="modalAction" value="add">
<input type="hidden" name="id" id="modalId" value="0">
@ -384,6 +406,10 @@ function getStatusBadgeInList($mail) {
<label class="form-label fw-bold">الوصف / ملاحظات</label>
<textarea name="description" id="modalDescription" class="form-control" rows="3"></textarea>
</div>
<div class="col-12">
<label class="form-label fw-bold">المرفقات</label>
<input type="file" name="attachments[]" class="form-control" multiple>
</div>
<div class="col-md-6">
<label class="form-label fw-bold">الحالة</label>
<select name="status_id" id="modalStatusId" class="form-select">
@ -454,10 +480,12 @@ function openMailModal(action, data = null) {
label.textContent = 'إضافة بريد وارد جديد';
modalId.value = '0';
Object.keys(fields).forEach(key => {
if (key === 'date_registered') fields[key].value = '<?= date('Y-m-d') ?>';
else if (key === 'status_id') fields[key].value = '<?= $default_status_id ?>';
else if (key === 'ref_no') fields[key].value = '<?= generateRefNo('inbound') ?>';
else fields[key].value = '';
if (fields[key]) {
if (key === 'date_registered') fields[key].value = '<?= date('Y-m-d') ?>';
else if (key === 'status_id') fields[key].value = '<?= $default_status_id ?>';
else if (key === 'ref_no') fields[key].value = '<?= generateRefNo('inbound') ?>';
else fields[key].value = '';
}
});
} else {
label.textContent = 'تعديل البريد الوارد';

38
includes/footer.php
View File

@ -2,22 +2,24 @@
</div><!-- Close main-content -->
<?php endif; ?>
<footer class="footer mt-auto py-3 bg-white border-top">
<footer class="footer mt-auto py-4 bg-white border-top">
<div class="container-fluid px-md-4 text-center">
<span class="text-muted small">
&copy; <?= date('Y') ?> <?= htmlspecialchars($charity_info['charity_name'] ?? 'نظام إدارة البريد') ?>. جميع الحقوق محفوظة.
</span>
<?php if (isAdmin()): ?>
<div class="mt-2">
<ul class="list-inline mb-0">
<li class="list-inline-item">
<a href="charity-settings.php" class="text-muted text-decoration-none small hover-primary">
<i class="fas fa-cog me-1"></i> الإعدادات
</a>
</li>
</ul>
<div class="d-flex flex-column align-items-center">
<span class="text-muted small mb-1">
&copy; <?= date('Y') ?> <?= htmlspecialchars($charity_info['charity_name'] ?? 'نظام إدارة البريد') ?>. جميع الحقوق محفوظة.
</span>
<div class="d-flex align-items-center gap-3">
<span class="badge bg-secondary opacity-50 fw-normal" style="font-size: 0.65rem;">نسخة النظام 1.2.0</span>
<?php if (isAdmin()): ?>
<a href="charity-settings.php" onclick="localStorage.setItem('activeSettingsTab', '#general');" class="text-muted text-decoration-none small hover-primary border-start ps-3">
<i class="fas fa-cog me-1"></i> الإعدادات
</a>
<a href="charity-settings.php#logs" onclick="localStorage.setItem('activeSettingsTab', '#logs');" class="text-muted text-decoration-none small hover-primary border-start ps-3">
<i class="fas fa-history me-1"></i> سجل المراسلات
</a>
<?php endif; ?>
</div>
</div>
<?php endif; ?>
</div>
</footer>
@ -25,6 +27,9 @@
.hover-primary:hover {
color: #0d6efd !important;
}
.footer .border-start {
border-color: rgba(0,0,0,0.1) !important;
}
</style>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
@ -53,3 +58,8 @@
</script>
</body>
</html>
<?php
if (ob_get_level() > 0) {
ob_end_flush();
}
?>

62
includes/header.php
View File

@ -1,4 +1,5 @@
<?php
ob_start();
session_start();
require_once __DIR__ . '/../db/config.php';
@ -8,11 +9,18 @@ function isLoggedIn() {
}
function isAdmin() {
return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
// Check session first
if (isset($_SESSION['user_role']) && strtolower($_SESSION['user_role']) === 'admin') return true;
if (isset($_SESSION['role']) && strtolower($_SESSION['role']) === 'admin') return true;
return false;
}
function redirect($path) {
header("Location: $path");
if (!headers_sent()) {
header("Location: $path");
} else {
echo "<script>window.location.href='$path';</script>";
}
exit;
}
@ -32,15 +40,16 @@ function canEdit() {
return $_SESSION['can_edit'] ?? false;
}
function canViewInternal() {
if (isAdmin()) return true;
return canView();
}
function canDelete() {
if (isAdmin()) return true;
return $_SESSION['can_delete'] ?? false;
}
if (!isLoggedIn() && basename($_SERVER['PHP_SELF']) !== 'login.php' && basename($_SERVER['PHP_SELF']) !== 'forgot_password.php') {
redirect('login.php');
}
// Fetch user info (theme and permissions)
$user_theme = 'light';
$current_user = null;
@ -56,9 +65,16 @@ if (isLoggedIn()) {
$_SESSION['can_edit'] = (bool)$current_user['can_edit'];
$_SESSION['can_delete'] = (bool)$current_user['can_delete'];
$_SESSION['name'] = $current_user['full_name'] ?: $current_user['username'];
$_SESSION['user_role'] = strtolower($current_user['role']);
$_SESSION['role'] = strtolower($current_user['role']);
}
}
// Auth Check (after fetch to ensure session is updated)
if (!isLoggedIn() && basename($_SERVER['PHP_SELF']) !== 'login.php' && basename($_SERVER['PHP_SELF']) !== 'forgot_password.php') {
redirect('login.php');
}
// Fetch charity info for header/favicon
$charity_stmt = db()->query("SELECT * FROM charity_settings WHERE id = 1");
$charity_info = $charity_stmt->fetch();
@ -90,7 +106,7 @@ $charity_info = $charity_stmt->fetch();
background-color: var(--bs-body-bg);
}
.sidebar {
min-height: 100vh;
height: 100vh;
background-color: #212529;
color: #fff;
width: 250px;
@ -99,6 +115,16 @@ $charity_info = $charity_stmt->fetch();
right: 0;
z-index: 1000;
transition: all 0.3s;
overflow-y: auto;
scrollbar-width: thin;
scrollbar-color: rgba(255,255,255,0.2) transparent;
}
.sidebar::-webkit-scrollbar {
width: 6px;
}
.sidebar::-webkit-scrollbar-thumb {
background-color: rgba(255,255,255,0.2);
border-radius: 10px;
}
.sidebar .nav-link {
color: rgba(255,255,255,0.7);
@ -202,9 +228,9 @@ $charity_info = $charity_stmt->fetch();
<h5 class="mb-0 fw-bold"><?= htmlspecialchars($charity_info['charity_name'] ?? 'إدارة البريد') ?></h5>
</div>
<ul class="nav flex-column mt-3">
<ul class="nav flex-column mt-3 mb-4">
<li class="nav-item">
<a class="nav-link <?= basename($_SERVER['PHP_SELF']) == 'user_dashboard.php' ? 'active' : '' ?>" href="user_dashboard.php">
<a class="nav-link <?= (basename($_SERVER['PHP_SELF']) == 'index.php' || basename($_SERVER['PHP_SELF']) == 'user_dashboard.php') ? 'active' : '' ?>" href="index.php">
<i class="fas fa-tachometer-alt me-2"></i> لوحة التحكم
</a>
</li>
@ -233,14 +259,21 @@ $charity_info = $charity_stmt->fetch();
</a>
</li>
<?php if (isAdmin()): ?>
<div class="sidebar-heading">التقارير</div>
<?php if (isAdmin()): ?>
<li class="nav-item">
<a class="nav-link <?= basename($_SERVER['PHP_SELF']) == 'overdue_report.php' ? 'active' : '' ?>" href="overdue_report.php">
<i class="fas fa-clock me-2"></i> بريد متأخر
</a>
</li>
<?php endif; ?>
<li class="nav-item">
<a class="nav-link <?= (basename($_SERVER['PHP_SELF']) == 'inbound.php' && isset($_GET['my_tasks'])) ? 'active' : '' ?>" href="inbound.php?my_tasks=1">
<i class="fas fa-tasks me-2"></i> مهامي الحالية
</a>
</li>
<?php if (isAdmin()): ?>
<div class="sidebar-heading">الإدارة</div>
<li class="nav-item">
<a class="nav-link <?= basename($_SERVER['PHP_SELF']) == 'users.php' ? 'active' : '' ?>" href="users.php">
@ -248,8 +281,13 @@ $charity_info = $charity_stmt->fetch();
</a>
</li>
<li class="nav-item">
<a class="nav-link <?= basename($_SERVER['PHP_SELF']) == 'charity-settings.php' ? 'active' : '' ?>" href="charity-settings.php">
<i class="fas fa-cog me-2"></i> إعدادات النظام
<a class="nav-link <?= (basename($_SERVER['PHP_SELF']) == 'charity-settings.php' && !isset($_GET['tab'])) ? 'active' : '' ?>" href="charity-settings.php" onclick="localStorage.setItem('activeSettingsTab', '#general');">
<i class="fas fa-cog me-2"></i> الإعدادات
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="charity-settings.php#logs" onclick="localStorage.setItem('activeSettingsTab', '#logs'); if(location.pathname.includes('charity-settings.php')) location.hash='#logs';">
<i class="fas fa-history me-2"></i> سجل المراسلات
</a>
</li>
<?php endif; ?>

17
index.php
View File

@ -1,6 +1,10 @@
<?php
require_once __DIR__ . '/includes/header.php';
if (!isAdmin()) { redirect('user_dashboard.php'); }
// Role-based routing: Admins stay here, others go to their dashboard
if (!isAdmin()) {
redirect('user_dashboard.php');
}
$user_id = $_SESSION['user_id'];
$is_admin = isAdmin();
@ -41,7 +45,8 @@ $recent_mail_query = "SELECT m.*, s.name as status_name, s.color as status_color
FROM mailbox m
LEFT JOIN mailbox_statuses s ON m.status_id = s.id
LEFT JOIN users u ON m.assigned_to = u.id";
if (!$is_admin && $_SESSION['user_role'] !== 'clerk') {
if (!$is_admin && ($_SESSION['user_role'] ?? '') !== 'clerk') {
$recent_mail_query .= " WHERE m.assigned_to = ? OR m.created_by = ?";
$recent_stmt = db()->prepare($recent_mail_query . " ORDER BY m.created_at DESC LIMIT 10");
$recent_stmt->execute([$user_id, $user_id]);
@ -66,10 +71,10 @@ function getStatusBadge($mail) {
?>
<div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
<h1 class="h2">لوحة التحكم</h1>
<h1 class="h2">لوحة التحكم الإدارية</h1>
<div class="btn-toolbar mb-2 mb-md-0">
<div class="btn-group me-2">
<?php if (isAdmin()): ?><a href="charity-settings.php" class="btn btn-sm btn-outline-dark"><i class="fas fa-cog me-1"></i> الإعدادات</a><?php endif; ?>
<a href="charity-settings.php" class="btn btn-sm btn-outline-dark"><i class="fas fa-cog me-1"></i> الإعدادات</a>
<a href="inbound.php?action=add" class="btn btn-sm btn-outline-primary">إضافة بريد وارد</a>
<a href="outbound.php" class="btn btn-sm btn-outline-secondary">إضافة بريد صادر</a>
</div>
@ -78,7 +83,7 @@ function getStatusBadge($mail) {
<!-- Overdue Alert -->
<?php
$overdue_count = db()->query("SELECT COUNT(*) FROM mailbox WHERE due_date < CURDATE() AND status != 'closed'")->fetchColumn();
$overdue_count = db()->query("SELECT COUNT(*) FROM mailbox WHERE due_date < CURDATE() AND status_id IN (SELECT id FROM mailbox_statuses WHERE name != 'closed')")->fetchColumn();
if ($overdue_count > 0):
?>
<div class="row mb-4">
@ -88,9 +93,7 @@ if ($overdue_count > 0):
<i class="fas fa-exclamation-triangle fs-4 me-3"></i>
<span class="fw-bold">هناك <?= $overdue_count ?> مهام متأخرة تتطلب انتباهك!</span>
</div>
<?php if (isAdmin()): ?>
<a href="overdue_report.php" class="btn btn-danger btn-sm">عرض التقرير</a>
<?php endif; ?>
</div>
</div>
</div>

29
internal_outbox.php
View File

@ -22,8 +22,27 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
if ($recipient_id && $subject) {
try {
db()->beginTransaction();
$stmt = db()->prepare("INSERT INTO mailbox (type, ref_no, date_registered, subject, description, status_id, assigned_to, created_by) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$type, $ref_no, $date_registered, $subject, $description, $default_status_id, $recipient_id, $user_id]);
$mail_id = db()->lastInsertId();
// Handle Attachments
if (!empty($_FILES['attachments']['name'][0])) {
$upload_dir = 'uploads/attachments/';
if (!is_dir($upload_dir)) mkdir($upload_dir, 0777, true);
foreach ($_FILES['attachments']['name'] as $key => $name) {
if ($_FILES['attachments']['error'][$key] === 0) {
$file_name = time() . '_' . basename($name);
$target_path = $upload_dir . $file_name;
if (move_uploaded_file($_FILES['attachments']['tmp_name'][$key], $target_path)) {
$stmt = db()->prepare("INSERT INTO attachments (mail_id, display_name, file_path, file_name, file_size) VALUES (?, ?, ?, ?, ?)");
$stmt->execute([$mail_id, $name, $target_path, $name, $_FILES['attachments']['size'][$key]]);
}
}
}
}
// Notify recipient
$stmt_recp = db()->prepare("SELECT full_name, email FROM users WHERE id = ?");
@ -46,9 +65,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['
MailService::sendMail($recipient['email'], $email_subject, $htmlBody);
}
db()->commit();
$_SESSION['success'] = 'تم إرسال الرسالة بنجاح';
redirect('internal_outbox.php');
} catch (PDOException $e) {
db()->rollBack();
$error = 'حدث خطأ: ' . $e->getMessage();
}
} else {
@ -237,14 +258,14 @@ function getStatusBadgeInternal($mail) {
<h5 class="modal-title fw-bold" id="composeModalLabel">إنشاء رسالة جديدة للموظفين</h5>
<button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<form id="composeForm" method="POST">
<form id="composeForm" method="POST" enctype="multipart/form-data">
<div class="modal-body p-4">
<input type="hidden" name="action" value="compose">
<div class="row g-3">
<div class="col-md-12">
<label class="form-label fw-bold">إلى <span class="text-danger">*</span></label>
<select name="recipient_id" class="form-select border-2" required>
<option value="">-- اختر الموظف --</option>
<option value="">-- اختر המوظف --</option>
<?php foreach ($users_list as $u): ?>
<option value="<?= $u['id'] ?>"><?= htmlspecialchars($u['full_name'] . ' (@' . $u['username'] . ')') ?></option>
<?php endforeach; ?>
@ -258,6 +279,10 @@ function getStatusBadgeInternal($mail) {
<label class="form-label fw-bold">الرسالة</label>
<textarea name="description" id="composeEditor" class="form-control border-2" rows="10"></textarea>
</div>
<div class="col-md-12">
<label class="form-label fw-bold">المرفقات</label>
<input type="file" name="attachments[]" class="form-control border-2" multiple>
</div>
</div>
</div>
<div class="modal-footer border-top-0 bg-light p-3">

2
overdue_report.php
View File

@ -9,7 +9,7 @@ $type_filter = $_GET['type'] ?? '';
$user_filter = $_GET['user_id'] ?? '';
$params = [];
$where = ["due_date < CURDATE()", "status != 'closed'"];
$where = ["due_date < CURDATE()", "status != 'closed'", "type != 'internal'"];
if ($type_filter) {
$where[] = "type = ?";

10
user_dashboard.php
View File

@ -4,7 +4,6 @@ require_once __DIR__ . '/includes/header.php';
// Check if user has view permission
if (!canView()) {
// If they can't even view, they shouldn't be here, but header.php already handles basic login.
// We'll let them see their profile at least, but maybe not this dashboard.
}
$user_id = $_SESSION['user_id'];
@ -44,9 +43,9 @@ $recent_query = "SELECT m.*, s.name as status_name, s.color as status_color, u.f
LEFT JOIN users u ON m.assigned_to = u.id";
if ($is_admin || $is_clerk) {
// Admins and Clerks see all recent activity if they have view permission
$recent_stmt = db()->prepare($recent_query . " ORDER BY m.updated_at DESC LIMIT 10");
$recent_stmt->execute();
// Admins and Clerks see all recent activity EXCEPT internal mail they are not part of
$recent_stmt = db()->prepare($recent_query . " WHERE m.type != 'internal' OR m.assigned_to = ? OR m.created_by = ? ORDER BY m.updated_at DESC LIMIT 10");
$recent_stmt->execute([$user_id, $user_id]);
} else {
// Staff see only theirs
$recent_stmt = db()->prepare($recent_query . " WHERE m.assigned_to = ? OR m.created_by = ? ORDER BY m.updated_at DESC LIMIT 10");
@ -199,7 +198,6 @@ function getStatusBadge($mail) {
</div>
</div>
</div>
</div>
<?php endif; ?>
</div>
@ -281,7 +279,7 @@ function getStatusBadge($mail) {
</div>
<div class="d-flex justify-content-between align-items-center">
<small class="text-muted">
<i class="fas <?= $act['type'] == 'inbound' ? 'fa-arrow-down text-primary' : 'fa-arrow-up text-success' ?> me-1"></i>
<i class="fas <?= $act['type'] == 'inbound' ? 'fa-arrow-down text-primary' : ($act['type'] == 'outbound' ? 'fa-arrow-up text-success' : 'fa-exchange-alt text-info') ?> me-1"></i>
<?= $act['ref_no'] ?>
</small>
<?= getStatusBadge($act) ?>

3
view_mail.php
View File

@ -23,8 +23,9 @@ $mail = $stmt->fetch();
if (!$mail) redirect('index.php');
// Security check for internal mail: only sender or recipient can view
// Even admins should only see their own internal mail for privacy
if ($mail['type'] === 'internal') {
if ($mail['created_by'] != $_SESSION['user_id'] && $mail['assigned_to'] != $_SESSION['user_id'] && !isAdmin()) {
if ($mail['created_by'] != $_SESSION['user_id'] && $mail['assigned_to'] != $_SESSION['user_id']) {
redirect('internal_inbox.php');
}
}